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DETAILED ACTION 



Acknowledgements 

1 . Claims 1-22 are now pending in this application and have been examined. 

2. The following is a NON-FINAL Office Action in response to the communication 
received on 09 June 2009. 

Claim Rejections - 35 USC §103 

3. The following is a quotation of 35 U.S. C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

4. Claims 1-22 are rejected under 35 U.S.C. 103(a) as being unpatentable over Hogan et al. 
(US Patent No. 6,915,279 B2) ("Hogan") in view of Dominguez et al. (US Pub. No.: 
2003/0200184 Al) ("Dominguez"). 

5. Referring to claim 1, Hogan discloses the following: 

a) an issuer ("issuer 406") platform layer including at least one 3-D Secure authentication 
program ("authentication data 414") (see abstract, figures 2, 6, column 1, line 37 through column 
2, line 47, column 6, lines 1-18, column 14, lines 4-64, column 21, lines 1-35, column 22, lines 
53-67); 
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b) an secure payment algorithm (SPA) (see column 1, line 37 through column 2, line 47, 
column 6, lines 1-18, table II, column 7, lines 1-18, column 9, lines 51-67, column 24, lines 51- 
67); and 

Hogan does not expressly disclose a merchant plug-in (MPI; a data transport layer, wherein 
the issuer platform comprises an access control server (ACS) that uses the SPA to process 
transaction and cardholder information for authentication by an authentication method and to 
generate an Accountholder Authentication Value (AAV) and conveys the AAV through the data 
transport layer to the MPI, wherein the AAV is a formatted data structure compatible with 3-D 
Secure message protocols, wherein the formatted data structure has a length of at most 20-bytes 
including bytes that identify a hash of the merchant's name, bytes that identify the ACS, bytes 
that identify the authentication method, bytes that identify secret cryptographic keys and bytes 
that include a merchant authentication code (MAC). 

Dominguez discloses a merchant plug-in (MPI) (see abstract, ]flj 0008-0010); a data transport 
layer, wherein the issuer platform comprises an access control server (ACS) that uses the SPA to 
process transaction and cardholder information for authentication by an authentication method 
and to generate an Accountholder Authentication Value (AAV) and conveys the AAV through 
the data transport layer to the MPI, wherein the AAV is a formatted data structure compatible 
with 3-D Secure message protocols, wherein the formatted data structure has a length of at most 
20-bytes including bytes that identify a hash of the merchant's name, bytes that identify the ACS, 
bytes that identify the authentication method, bytes that identify secret cryptographic keys and 
bytes that include a merchant authentication code (MAC) (see abstract, 0008-0013). 
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Therefore, at the time the invention was made, it would have been obvious to a person of 
ordinary skill in the art to have modified of Hogan for a system and method for conducting 
secure payment transactions with the features of Dominguez for a system and method of mobile 
account authentication service in order to provide the authentication the identity of the payer in 
an online or mobile transaction would be desirable. 

Referring to claim 2 , Hogan further discloses wherein the AAV is a formatted data structure 
that is Base 64 encoded (see abstract, figures 1,9, 1, column 1, line 37 through column 2, line 47, 
lines 37-61, column 2, lines 1-37, column 3, lines 27-58, column 6, lines 1-18, column 11, lines 
30-58, column 24, lines 1-67). 

6. Referring to claim 3 , Hogan further discloses wherein the SPA comprises an encryption 
algorithm for generating the MAC, wherein the encryption algorithm uses a secret key identified 
in the AAV to encrypt a concatenation of the card holder's account number and a plurality of the 
fields of the bytes 6fthe AAV excluding bytes that represent the MAC, and wherein a portion of 
the encryption result forms the MAC bytes in the 25 AAV (see abstract, column 6, lines 1-18, 
table II, column 7, lines 1-18, column 9, lines 51-67, column 24, lines 51-67). 

7. Referring to claim 4 , Hogan further discloses wherein the SPA comprises an encryption 
algorithm for generating the MAC, wherein the encryption algorithm uses a pair of secret keys A 
and B that are identified in the AAV to encrypt a concatenation of the card holder's account 
number, card expiration date and service code to generate a 30 three-digit CVC2 field, and uses 
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the result to populate two bytes of the MAC (see abstract, column 6, lines 1-18, table II, column 

7. lines 1-18, column 9, lines 51-67, column 24, lines 51-67). 

8. Referring to claim 5 , Hogan further discloses wherein the pair of secret keys A and B are 
64- bit Data Encryption Standard (DES) keys (see abstract, column 6, lines 1-18, table II, column 
7, lines 1-18, column 9, lines 51-67, column 24, lines 51-67). 

9. Referring to claim 6 , Hogan further discloses wherein the ACS is configured to generate 
an AAV in response to a payment authentication request message from the MPI to the ACS (see 
abstract, figures 2, 6, column 1, lines 37-61, column 2, lines 1-37, column 3, lines 27-58, column 
6, lines 1-18, column 14, lines 4-64, column 21, lines 1-35, column 22, lines 53-67). 

10. Referring to claim 7 , Hogan further discloses which is configured to transport the A.AV 
in a payment authentication response message from the ACS (see abstract, figures 2, 6, column 
1, lines 37-61, column 2, lines 1-37, column 3, lines 27-58, column 6, lines 1-18, column 14, 
lines 4-64, column 21, lines 1-35, column 22, lines 53-67). 

1 1 . Referring to claim 8 , Hogan further discloses wherein the ACS is further configured to 
place a digital signature on the payment authentication response message (see abstract, figures 2, 
6, column 1, lines 37-61, column 2, lines 1-37, column 3, lines 27-58, column 6, lines 1-18, 
column 14, lines 4-64, column 21, lines 1-35, column 22, lines 53-67). 
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12. Referring to claim 9 , Hogan further discloses wherein the MPI is configured to verify the 
digital signature on a received payment authentication response message (see abstract, figures 2, 
6, column 1, lines 37-61, column 2, lines 1-37, column 3, lines 27-58, column 6, lines 1-18, 
column 14, lines 4-64, column 21, lines 1-35, column 22, lines 53-67). 

13. Referring to claim 10 , Hogan further discloses wherein the MPI is configured to extract 
the MAC fields included in a payment authentication response message from the ACS and to 
place the extracted MAC in a payment authorization request message to a third party (see 
abstract, figures 2, 6, column 1, lines 37-61, column 2, lines 1-37, column 3, lines 27-58, column 
6, lines 1-18, column 14, lines 4-64, column 21, lines 1-35, column 22, lines 53-67). 

14. Referring to claim 1 1 , Hogan does not expressly disclose a data structure for conveying 
cardholder transaction authentication information amongst stakeholders in a 3-D Secure 
environment, the data structure comprising 20 bytes of Base 64 encoded characters, wherein the 
first byte is a control byte, bytes 2-9 represent a hash of a merchant name, byte 10 identifies an 
Access control server (ACS) that authenticates the cardholder transaction by an authentication 
method, byte 1 1 identifies the authentication method and the secret encryption keys that are used 
by the ACS to generate a Merchant Authentication 'Code (MAC), bytes 12- 15 represent a 
transaction sequence number identifying a transaction number processed by the ACS, and bytes 
16-20 represent the MAC. 

Dominguez discloses a data structure for conveying cardholder transaction authentication 
information amongst stakeholders in a 3-D Secure environment, the data structure comprising 20 
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bytes of Base 64 encoded characters, wherein the first byte is a control byte, bytes 2-9 represent 
a hash of a merchant name, byte 10 identifies an Access control server (ACS) that authenticates 
the cardholder transaction by an authentication method, byte 1 1 identifies the authentication 
method and the secret encryption keys that are used by the ACS to generate a Merchant 
Authentication 'Code (MAC), bytes 12-15 represent a transaction sequence number identifying a 
transaction number processed by the ACS, and bytes 16-20 represent the MAC (see abstract, 
0008-0013). 

Therefore, at the time the invention was made, it would have been obvious to a person of 
ordinary skill in the art to have modified of Hogan for a system and method for conducting 
secure payment transactions with the features of Dominguez for a system and method of mobile 
account authentication service in order to provide the authentication the identity of the payer in 
an online or mobile transaction would be desirable. 

15. Referring to claim 12 , Hogan further discloses wherein the MAC comprises portions of 
an encryption of a concatenation of the card holder's account number and a plurality of the fields 
of bytes 1-15 of the data structure, and wherein a single key identified in byte 1 1 is used for 
encryption (see abstract, figures 2, 6, column 1, line 37 through column 2, line 47, column 3, 
lines 27-58, column 6, lines 1-18, column 14, lines 4-64, column 21, lines 1-35, column 22, lines 
53-67). 



16. Referring to claim 13 , Hogan further discloses wherein the MAC comprises portions of 
an encryption of a concatenation of the card holder's account number, card expiration date and 
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service code, and wherein a pair of keys A and B that are identified in byte 1 1 is used for 
encryption (see abstract, figures 2, 6, column 1, lines 37-61, column 2, lines 1-37, column 3, 
lines 27-58, column 6, lines 1-18, column 14, lines 4-64, column 21, lines 1-35, column 22, lines 
53-67). 

17. Referring to claim 14 , Hogan further discloses wherein a three-digit encryption result is 
used to populate two bytes of the MAC bytes 16-20 (see abstract, figures 2, 6, column 1, line 37 
through column 2, line 47, column 3, lines 27-58, column 6, lines 1-18, column 14, lines 4-64, 
column 21, lines 1-35, column 22, lines 53-67). 

18. Referring to claim 15 , Hogan further discloses wherein the pair of secret keys A and B 
are 64 bit Data Encryption Standard (DES) keys (see abstract, figures 2, 6, column 1, line 37 
through column 2, line 47, lines 1-37, column 3, lines 27-58, column 6, lines 1-18, column 14, 
lines 4-64, column 21, lines 1-35, column 22, lines 53-67). 

19. Referring to claim 16 , Hogan discloses the following: 

a) using an Access control server (ACS) to process cardholder and transaction information 
to authenticate the cardholder by an authentication method (see abstract, figures 2, 6, column 1, 
lines 37-61, column 2, lines 1-37, column 3, lines 27-58, column 6, lines 1-18, column 14, lines 
4-64, column 21, lines 1-35, column 22, lines 53-67); 

Hogan does not expressly disclose deploying a secure payment algorithm (SPA) to generate 
an Accountholder Authentication Value (AAV) to represent the authentication results, and 
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transporting the AAV in 3-D Secure messages to the merchant, wherein the AAV is a formatted 
data structure that has a length of at most 20 bytes, including bytes that identify a hash of the 
merchant's name, bytes that identify the ACS, bytes that identify the authentication method, 
bytes that include a merchant authentication code (MAC), and bytes that identify secret 
cryptographic keys that are used by the SPA to generate MAC. 

Dominguez discloses deploying a secure payment algorithm (SPA) to generate an 
Accountholder Authentication Value (AAV) to represent the authentication results, and 
transporting the AAV in 3-D Secure messages to the merchant, wherein the AAV is a formatted 
data structure that has a length of at most 20 bytes, including bytes that identify a hash of the 
merchant's name, bytes that identify the ACS, bytes that identify the authentication method, 
bytes that include a merchant authentication code (MAC), and bytes that identify secret 
cryptographic keys that are used by the SPA to generate MAC (see abstract, 0008-0013). 

Therefore, at the time the invention was made, it would have been obvious to a person of 
ordinary skill in the art to have modified of Hogan for a system and method for conducting 
secure payment transactions with the features of Dominguez for a system and method of mobile 
account authentication service in order to provide the authentication the identity of the payer in 
an online or mobile transaction would be desirable. 

20. Referring to claim 17 , Hogan further discloses wherein the AAV is a formatted data 
structure that is Base 64 encoded (see abstract, figures 1,9, 1, lines 37-61, column 2, lines 1-37, 
column 3, lines 27-58, column 6, lines 1-18, column 11, lines 30-58, column 24, lines 1-67). 
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21 . Referring to claim 18 , Hogan further discloses using a secret key identified in the AAV to 
encrypt a concatenation of the card holder's account number and at least portions of the bytes of 
the AAV 25 excluding bytes that represent the MAC (see abstract, figures 1,9, 1, column 1, line 
37 through column 2, line 47, column 3, lines 27-58, column 6, lines 1-18, column 11, lines 30- 
58, column 24, lines 1-67); and assigning a portion of the encryption result to the MAC bytes in 
the AAV (see abstract, figures 2, 6, column 1, lines 37-61, column 2, lines 1-37, column 3, lines 
27-58, column 6, lines 1-18, column 14, lines 4-64, column 21, lines 1-35, column 22, lines 53- 
67). 



22. Referring to claim 19 , Hogan further discloses using a pair of pair secret keys A and B 
that are identified in the A. AV to encrypt a concatenation of the card holder's account number, 
card expiration date and service code to generate a three-digit CVC2 field (see abstract, figures 
2, 6, column 1, lines 37-61, column 2, lines 1-37, column 3, lines 27-58, column 6, lines 1-18, 
column 14, lines 4-64, column 21, lines 1-35, column 22, lines 53-67); and assigning the result to 
populate two bytes of the MAC (see abstract, figures 1,9, 1, column 1, line 37 through column 2, 
line 47, column 3, lines 27-58, column 6, lines 1-18, column 11, lines 30-58, column 24, lines 1- 
67). 



23. Referring to claim 20 , Hogan further discloses wherein the pair of secret keys A and B 
are 64 bit Data Encryption Standard (DES) keys (see abstract, column 6, lines 1-18, table II, 
column 7, lines 1-18, column 9, lines 51-67, column 24, lines 51-67). 
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24. Referring to claim 21 , Hogan further discloses wherein transporting the AAV in 3-D 
Secure messages to the merchant, comprises transporting the AAV in a payment authentication 
response message that is digitally signed by the ACS (see abstract, figures 2, 6, column 1, line 37 
through column 2, line 47, column 3, lines 27-58, column 6, lines 1-18, column 14, lines 4-64, 
column 21, lines 1-35, column 22, lines 53-67). 

25. Referring to claim 22 , Hogan further discloses first, verification by the merchant of the 
digital signature on a received payment authentication response message (see abstract, figures 2, 
6, column 1, lines 37-61, column 2, lines 1-37, column 3, lines 27-58, column 6, lines 1-18, 
column 14, lines 4-64, column 21, lines 1-35, column 22, lines 53-67); and next, extraction of the 
MAC fields from the received payment authentication response message by the merchant (see 
abstract, figures 2, 6, column 1, line 37 through column 2, line 47, column 3, lines 27-58, column 
6, lines 1-18, column 14, lines 4-64, column 21, lines 1-35, column 22, lines 53-67). 

Response to Arguments 

26. Applicant's arguments filed on June 9, 2009 have been fully considered but they are not 
persuasive. 

27. Applicant's arguments with respect to claims 1-22 have been considered but are moot in 
view of the new ground(s) of rejection. 
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Conclusion 

28. The prior art made of record and not relied upon is considered pertinent to applicant's 
disclosure. 

29. Any inquiry concerning this communication or earlier communications from the patent 
examiner should be directed to Shahid Kamal whose telephone number is (571) 270-3272. The 
Patent examiner can normally be reached on Monday-Thursday (8:30am -7:00pm), Friday off. 

30. If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Andrew J. Fischer can be reached on (571) 272-6779. The fax phone number for this 
origination where this application or proceeding is assigned is (571) 273-8300. 

3 1 . Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published application 
may be obtained from either Private PAIR or Public PAIR. 

32. Statues information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http ://pair-directed.uspto . gov . 

33. Should you have any questions on accessing to the Private PAIR system, contact the 
Electronic Business Center (EBC) at 1(866) 217-9197 (toll free). If you would like assistance 
from a USPTO Customer Service Representative or access to the automated information system, 
call 1(800) 786-9199 (IN USA OR CANADA) or 1(571) 272-1000. 

SK 

September 4, 2009 

/EVENS J. AUGUSTIN/ 
Primary Examiner, Art Unit 3621 
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